X509San
Wallet trusts verifiers that are able to present a Client Identifier which is a DNS name and matches a dNSName Subject Alternative Name (SAN) RFC5280 entry in the leaf certificate passed with the request.
In this prefix, Verifier must always sign his request (JAR)
Parameters
trust
a function that accepts a chain of certificates (contents of x5c claim) and indicates whether is trusted or not